Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 3 subscribers
  • Views 62738 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to fix host to outgoing interface

MongkolPirarak

My software UTM 9 9.407-3, In my home I have 4 IP camera and 1 NVR. IP camera and NVR have DDNS of each. I have 2 internet line. How to fix all ip camera and NVR out to 1 internet line because more 1 internet line not support DDNS of ip camera and NVR.



This thread was automatically locked due to age.
  • 0

    Hi,

    Your question is bit confusing. If you are trying to resolve the cameras from a single DDNS domain then configure different ports for each camera in the DNAT policy. Configure DNAT policy in UTM. Refer this community.sophos.com/.../115145 . 

    Hence, camera A resolves when request comes on www.abc.com:81 and camera B resolves on www.abc.com:82 

    So your DDNS would point the host address to UTM and with your 4 IP cameras and NVR as private addresses, you may configure DNAT as per the KB article provided above.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0

    Hi, and welcome to the UTM Community!

    Like Sachin, I'm not sure I understand your question.  If neither his nor my answer helps, please give us a simple diagram that shows what you want to access from the Internet.

    Generally, one accesses the NVR to watch one or all cameras.  If you have an FQDN that points to the WAN-1 interface and you have a NAT rule like:

    DNAT : Internet -> Web Surfing -> WAN-1 (Address) : to {NVR}

    All of the requests to the NVR will come in through WAN-1 and all of the responses from the NVR will automatically be sent out from WAN-1.  That's Networking 101, so I bet that wasn't your question.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    Hi Mongkol,

    If the NVRs and cameras are configuring the DynamicDNS themselves and not the UTM then when you have two default gateway on the UTM, uplink balancing will be enabled and the UTM will push all connections out to the internet in a round robin format which will mess with DynamicDNS every time the connection is made on a different interface. In addition to what Sachin and BAlfson have said for incoming, for connections being made from your internal network to the internet which you want bound only to one IP the simplest way to do this is to create an SNAT under Network Protection > NAT > NAT tab with the following properties:

    • Source: Network Group of the devices you want to go out via one gateway
    • Services: Any
    • Destination: Internet IPV4 definition
    • Change Source Address to: Put Interface Address of desired gateway here
    • Don't change Service
    • Automatic Firewall rule to enabled

    What this will do is use the SNAT to force all traffic to bypass uplink balancing and go out with the source IP of the gateway interface you've chosen :)

    Hopefully this helps!

    Emile

Unfiltered HTML